| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba options parsing |
| Date: | 2008-10-11 17:12:43 |
| Message-ID: | 48F0DE8B.8030004@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander wrote:
> This patch changes the options field of pg_hba.conf to take name/value
> pairs instead of a fixed string. This makes it a lot nicer to deal with
> auth methods that need more than one parameter, such as LDAP.
>
> While at it, it also adds map support to kerberos, gssapi and sspi and
> not just ident - basically all methods where the username comes from an
> outside source (lmk if I missed one).
>
> Also in passing, changes the methods in auth.c to deal with "unsupported
> auth method on this platform" errors the same way for all authentication
> methods.
>
> I intend to build on this patch to support setting some
> Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
> get the basics in first.
>
> Obviously, documentation still pending. I'm working on that in parallel.
>
>
> So, comments? Both in general, and specifically on if we need to do
> backwards compatible parsing of LDAP options (doing it of all the other
> options would be trivial, but LDAP would be harder)
Updated version of this patch, now with doc changes.
//Magnus
| Attachment | Content-Type | Size |
|---|---|---|
| hba_options.patch | text/x-diff | 50.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2008-10-11 17:55:44 | Re: patch: array_ndims |
| Previous Message | dpage | 2008-10-11 16:43:58 | Re: About postgresql8.3.3 build in MS VS2005 |